capable of sharing very specific threat information that will allow
them to better protect their needs.
KNISLEY: Rich, in the context of these worries about the digital
space and bad actors getting into our network from outside, how
does the in-person threat in physical stores concern you?
NOGUERA: Network segmentation, hardening of the devices, testing
thoroughly—both in-store testing and external store testing—all
this is essential. But, as always, the first line of defense is in-store
associates, and the training and understanding and responsibilities
necessary to protect those assets. Especially when you add in
additional capabilities at POS, it becomes even more critical. So, the
in-store associate is our best defense here.
KNISLEY: Rich has worked for some of Silicon Valley's biggest
companies, so he has deep experience in the high-tech world. What
challenges are you facing in retail that are unique to retail, those
that you didn't see elsewhere?
NOGUERA: That's a good question. When attacking a retail
network, it's typically a smash-and-grab approach. The goal of
an attacker is to get in there as quickly as possible, grab as many
credit cards as possible, and get out. The methods of entry and
methods of attack are the same whether it's crime-motivated, a
nation-state-type motivation, or a larger coordinated type of event.
Coming from high tech, we were always at the leading edge of
applying the latest and greatest technology to get as predictive as
possible. So, one of our primary challenges in retail is how do we
accelerate that game?
KNISLEY: Shawn, you work with companies in every industry. When
you're working with retailers, what are the nuances or differences
that you see compared to a high tech or energy company?
HENRY: When we're talking about protecting the network, I
don't think that there really are major differences. There are
some differences within the architecture and infrastructure—POS
devices, for example. But the reality is that the techniques and
the capabilities that retailers need to employ to prevent and
detect these types of attacks are essentially the same.
In IT, for years we've been practicing defense-in-depth. We do
it in the physical world as well, of course. But in the information
world, it's about firewalls, intrusion-detection systems, two-factor
authentication, and encryption. You layer your defenses so that
you can be more resilient. But the reality of it is, in the IT space,
the most sophisticated adversaries will get into the network one
way or another. Maybe that sounds defeatist, but let me illustrate.
We've worked with organizations that have 100,000 network
endpoints. Imagine in a brick-and-mortar store trying to protect
a building with 100,000 doors. Every one of those endpoints is a
potential ingress into the network. They're going to get in. While
the old paradigm in information security used to be preventing
an attack, the reality of it is that now we can't do that. We
have to assume that an adversary is going to be there. The new
JULY - AUGUST 2014 | LPPORTAL.COM
DEALING WITH DATA BREACHES